🎓 MCSI Certified DFIR Specialist 🎓
🏫 👉 www.mosse-inst...
💻🔎 MCSI Digital Forensics Library 🔎💻
📙📚 👉 library.mosse-...
🕵️♂️ 💯 Get the Most out of the Windows Registry in your Digital Forensic Investigations 💯 🕵️♀️
📙📚 👉 library.mosse-...
📙 👉 Harlan Carvey. 2011. Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry. Syngress Publishing.
The Windows Registry is a database that stores settings and options for Microsoft Windows operating systems. It contains information about how the operating system should work and how applications should behave. The registry also stores configuration settings for hardware devices, user preferences, and application settings. When you make a change to a setting in the registry, that change is propagated to all applications and components that use that setting.
By analyzing the Registry, investigators can potentially find clues about what happened on a computer and who was responsible. In some cases, the Registry may even contain evidence that has been deleted from other parts of the system.
In the video, we demonstrate how you can amend the data stored in the Windows Registry and then discover the changes. This will help you understand what is stored in the Windows Registry and why it plays an integral part in a digital forensic investigation.
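One way to discover such changes, shown as an added example that is not taken from the video or from MCSI: export the key as text before and after the change and diff the two snapshots. The use of `reg export` style `.reg` files is an assumption (the page does not say which tool the video uses), the snapshots are constructed sample data, and `ExampleApp` is a hypothetical key.

```python
import re
# Constructed snapshots in .reg export format; ExampleApp is a hypothetical key.
BEFORE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleApp]
"Theme"="light"
"Telemetry"=dword:00000001
"LastFile"="C:\\Users\\analyst\\report.docx"
'''

AFTER = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleApp]
"Theme"="dark"
"Telemetry"=dword:00000001

[HKEY_CURRENT_USER\Software\ExampleApp\Recent]
"Item0"="C:\\Users\\analyst\\notes.txt"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def parse_reg(text):
    """Map (key path, value name) -> raw data string from a .reg text export."""
    values, key = {}, None
    # Long hex values are wrapped with a trailing backslash; rejoin them first.
    text = re.sub(r'\\\r?\n\s*', '', text)
    for line in map(str.strip, text.splitlines()):
        if k := KEY_RE.match(line):
            key = k.group(1)
        elif (m := VALUE_RE.match(line)) and key is not None:
            name = '(Default)' if m.group(1) == '@' else m.group(1)[1:-1]
            values[(key, name)] = m.group(2)
    return values

def diff_snapshots(before, after):
    """Return (change, key, value name, old data, new data) tuples, sorted by key."""
    old, new = parse_reg(before), parse_reg(after)
    changes = []
    for ident in sorted(old.keys() | new.keys()):
        if old.get(ident) != new.get(ident):
            kind = 'added' if ident not in old else 'removed' if ident not in new else 'modified'
            changes.append((kind, *ident, old.get(ident), new.get(ident)))
    return changes

if __name__ == '__main__':
    print(*diff_snapshots(BEFORE, AFTER), sep='\n')
```

Files written by `reg export` are UTF-16 encoded, so read them with `encoding='utf-16'` before passing the text to `parse_reg`.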